[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8685) Invalid memory access
Breno Leitao wrote:
> Hello Howard,
>
> On Thu, Jul 06, 2017 at 08:55:01PM +0100, Howard Chu wrote:
>> leitao@debian.org wrote:
>>> Full_Name: Breno Leitao
>>> Version: upstream
>>> OS: Debian
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (32.104.18.202)
>>>
>>>
>>> Currently, do_random() function in tests/progs/slapd-mtread.c uses a random
>>> number (upto RAND_MAX) to access an array that is much smaller than RAND_MAX,
>>> causing a segfault.
>>>
>>> This causes a segmentation fault and more details could be found at
>>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866122
>>>
>>>
>> Thanks for the report. I've examined your proposed patch in your debian
>> bugtracker. It doesn't make much sense though.
>>
>> The random number is being correctly scaled, line 682:
>>
>> int r = ((double)nvalues)*rand()/(RAND_MAX + 1.0);
>>
>> Which means the value of r can only be from 0 to nvalues-1.
>>
>> And there should be no difference between nvalues and i, since on line 657:
>>
>> nvalues = ldap_count_entries( ld, res );
>>
>> Since i is simply iterated through all of the entries in the response, the
>> two values cannot disagree.
>
> Thanks for looking at it, and your suggestion made me revisit it. let me
> share I am finding in the debug. This is the failure frame:
You cannot possibly diagnose this with an optimized binary. You're missing
several crucial variables.
Your analysis here is completely invalid.
>
> #5 do_read (ld=0x3fff980008e0, entry=0x6e6d756c413d756f <error: Cannot access memory at address 0x6e6d756c413d756f>,
> attrs=0x20020058 <srchattrs>, noattrs=<optimized out>, maxloop=<optimized out>, maxretries=<optimized out>, force=<optimized out>,
> idx=<optimized out>, chaserefs=<optimized out>, delay=<optimized out>, nobind=<optimized out>) at ../../../../tests/progs/slapd-mtread.c:791
>
> On this frame, these are the values we have:
>
> i = 0
> do_retry = 0
> rc = <optimized out>
> thrstr = "Read(1): entry=\"0 cnt: 1 (retried 0) (dc=example,dc=com)\000u=Alumni Association,ou=People,dc=example,dc=com)\000mple,dc=com)", '\000' <repeats 6641 times>...
> e = <optimized out>
> attrs = {0x200072a0 "1.1", 0x0}
> rc = 0
> nvalues = <optimized out>
> res = 0x3fffa0001ac0
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/